Audit Logs¶
Deprecated
The standalone Audit Logs page has been replaced by the unified System Logs viewer, which aggregates all platform logs including user action audit trails. This page is retained for reference.
The Audit Logs page displays a chronological record of user actions performed on the platform. Audit logs provide accountability and traceability for administrative operations, configuration changes, and security-relevant events.
Audit Log Overview¶
Every significant action on the platform generates an audit log entry. Entries are immutable — they cannot be edited or deleted by any user, including administrators.
Log Viewer¶
The audit log viewer displays entries in reverse chronological order (newest first).
| Column | Description |
|---|---|
| Timestamp | Date and time the action occurred (UTC) |
| User | The user who performed the action |
| Action | The operation performed (e.g., user.created, event.updated) |
| Resource | The type and identifier of the affected resource |
| Details | Summary of what changed |
| IP Address | Source IP address of the request |
Action Categories¶
| Category | Example Actions |
|---|---|
| Authentication | auth.login, auth.logout, auth.failed |
| Users | user.created, user.updated, user.deactivated, user.role_changed |
| Events | event.created, event.updated, event.status_changed, event.deleted |
| Teams | group.created, group.updated, group.member_added, group.member_removed |
Audit Log Action Names
The backend API uses group.* action names for TAK protocol compatibility. These actions correspond to team operations in the admin UI.
| Certificates | certificate.issued, certificate.revoked, ca.generated | | Registrations | registration.approved, registration.rejected | | Settings | settings.updated, settings.smtp_changed | | Federation | federation.connected, federation.disconnected |
Filtering¶
Use the filter controls to narrow the log view.
| Filter | Description |
|---|---|
| Date Range | Start and end date/time |
| User | Filter by the user who performed the action |
| Action | Filter by action type or category |
| Resource Type | Filter by resource type (event, user, team, etc.) |
| Resource ID | Filter by a specific resource identifier |
Filters can be combined. Click Clear Filters to reset to the default view.
Log Detail View¶
Click a log entry to expand its detail view, which includes:
| Field | Description |
|---|---|
| Full Timestamp | Precise timestamp with milliseconds |
| User Agent | Browser or client user agent string |
| Request Method | HTTP method (GET, POST, PUT, DELETE) |
| Before State | Resource state before the change (for update actions) |
| After State | Resource state after the change (for update actions) |
| Metadata | Additional context (e.g., approval reason, role change details) |
The before/after state comparison highlights exactly what fields changed.
Export¶
Click Export to download audit log entries as a CSV file. The export respects the current filter settings — only filtered entries are included.
Retention¶
Audit log retention is configured in the platform Settings. By default, audit logs are retained indefinitely. The LOG_RETENTION_DAYS environment variable can set a maximum retention period.
See the Configuration Reference for logging configuration details.
Related Pages¶
- User Management — User actions tracked in audit logs
- Settings — Log retention configuration
- Logs — System-level service logs (separate from audit logs)